As noted yesterday, "full disk encryption works." That was the conclusion from the US Navy's CIO. It seems this lesson is yet to be learned by their counterparts in the British Navy. The Royal Navy has sent investigators to Belfast because a USB stick with "'restricted' information on naval maneuvers and personnel" was found in a city garage. It's presumed that it was accidentally dropped from someone on the HMS Hurworth, a mine-hunting warship that moored in the area. (Their website currently lists 13 people as crew of the Hurworth.)
As noted yesterday, "full disk encryption works." That was the conclusion from the US Navy's CIO. It seems this lesson is yet to be learned by their counterparts in the British Navy.
The Royal Navy has sent investigators to Belfast because a USB stick with "'restricted' information on naval maneuvers and personnel" was found in a city garage. It's presumed that it was accidentally dropped from someone on the HMS Hurworth, a mine-hunting warship that moored in the area. (Their website currently lists 13 people as crew of the Hurworth.)
The loss of USB sticks has led to countless data breaches, some of them quite high-profile. Indeed, the problem has become so bad that the US military is banned from using USB sticks, period (although, it should be noted that other concerns, besides losing a USB device and causing a data breach, figured into the decision as well). What can one say? It's the nature of the device: USB sticks are small, capacious, and cheap. They don't require their own electricity, drawing power from the computer it attaches to. It never experiences downtime, unlike a network. And they're fast at reading and writing the data. In other words, it's a great way of losing tons of valuable data, easily. Nobody sets out to lose it, but these things cannot be prevented, no matter how many lanyards are used and how alert one happens to be. But, just because you can't prevent a device from getting lost doesn't mean you can't prevent a data breach. For example, the USB device could be protected using encryption software. The device still has the same probability of getting lost, but the chances of the data being accessed by unauthorized people has been decreased to nearly zero.
The loss of USB sticks has led to countless data breaches, some of them quite high-profile. Indeed, the problem has become so bad that the US military is banned from using USB sticks, period (although, it should be noted that other concerns, besides losing a USB device and causing a data breach, figured into the decision as well).
What can one say? It's the nature of the device: USB sticks are small, capacious, and cheap. They don't require their own electricity, drawing power from the computer it attaches to. It never experiences downtime, unlike a network. And they're fast at reading and writing the data.
In other words, it's a great way of losing tons of valuable data, easily. Nobody sets out to lose it, but these things cannot be prevented, no matter how many lanyards are used and how alert one happens to be. But, just because you can't prevent a device from getting lost doesn't mean you can't prevent a data breach.
For example, the USB device could be protected using encryption software. The device still has the same probability of getting lost, but the chances of the data being accessed by unauthorized people has been decreased to nearly zero.
Related Articles and Sites:http://www.guardian.co.uk/uk/2009/nov/29/navy-investigate-security-northern-irelandhttp://www.royalnavy.mod.uk/operations-and-support/surface-fleet/mine-countermeasure/hunt-class/hms-hurworth/